Overview 

This week, Apple released security updates to address a zero-day vulnerability impacting iPhones and macOS. The company issues an advisory stating that they are aware of the flaw (CVE-2022-32917) and that it may have been actively exploited.  

CVE-2022-32917 is a zero-day that allows a malicious app to run arbitrary code on a device with kernel privileges. The flaw could give attackers full access to the device and its data and is the eighth zero-day for Apple this year. Apple has supplied updates for the following:  

  • macOS Monterey 12.6 
  • macOS Big Sur 11.7 
  • iOS 15.7 
  • iPadOS 15.7 

Apple has not released how CVE-2022-32917 is being exploited by attackers and there is no further information regarding the vulnerability. Omitting information is common for Apple, as they likely want to allow customers to patch their devices before attackers can exploit the flaw and start targeting vulnerable users.  

In addition to patching CVE-2022-32917 this week, Apple back-ported a patch for a different zero-day (CVE-2022-32894) to Macs running macOS Big Sur 11.7. The WebKit zero-day vulnerability was patched at the end of August and affects iOS versions running on older iPhones and iPads. Avertium urges all Apple users to update their devices as soon as possible to block exploitation attempts.  

 

 

How Avertium is Protecting Our Customers:

  • Avertium recommends utilizing our service for DFIR (Digital Forensics and Incident Response) to help you rapidly assess, contain, eradicate, and recover from a security incident.  
  • Expanding endpoints, cloud computing environments, and accelerated digital transformation have decimated the perimeter in an ever-expanding attack surface. Avertium offers Attack Surface Management, so you’ll have no more blind spots, weak links, or fire drills.  
     
  • Avertium offers Zero Trust Architecture, like AppGate, to stop malware lateral movement.   

 

 

Avertium's recommendations

Please patch your device as soon as possible. You can find guidance on security updates at the links below:   





 INDICATOR'S OF COMPROMISE (IOCS):

While Apple products are not widely used at an enterprise level, these devices could provide an attack vector to company executives. Avertium is raising awareness among our customers to patch this vulnerability before it is too late.   




 

Supporting documentation

Apple fixes eighth zero-day used to hack iPhones and Macs this year (bleepingcomputer.com) 

Apple security updates - Apple Support 

Apple releases iOS and macOS fixes to patch a new zero-day under attack | TechCrunch 

 

 

 

Related Reading: Apple Release Security for Zero-Day Vulnerabilities Exploited by Attackers

 

Contact us for more information about Avertium’s managed security service capabilities.